CL0P Ransomware: Latest Attacks
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) for initial access. Over 1.6 million assets are potentially vulnerable to this exploit. The report provides IOCs, MITRE ATT&CK techniques, and YARA rules for detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, known for custom malware development and sophisticated attack techniques. Recommendations include prioritizing patch management, implementing robust email filtering, and strengthening overall security posture.
OPENCTI LABELS:
ransomware, data exfiltration, transportation, manufacturing, cve-2024-50623, retail, ta505, cl0p, cleo vulnerability, evil corp